Hi everyone! For… I guess over a year now? I’ve been observing and trying out lots of software recommended by the privacy community and internet as a whole. With that time, I’ve been able to slowly put together a list of all the software I personally believe to be the best for their own various reasons. I finally have enough to be able to share it with all of you!
I’m also looking for feedback. I haven’t tried all the software on that list, and I’m sure there’s software I’ve never heard of that needs added. I’m looking for your feedback on what you think should be added, removed, or changed. That includes the list itself, if you think there are any design improvements.
Do note: Any software marked with a ⭐️ I am not looking for feedback on. This is software that I firmly believe is the best of the best in its category, and likely will not be changed. However, if there is a major issue with the software that you can provide direct proof of, then there is a chance it will be changed in the next release. There are no grantees.
The sections marked with ℹ️ are lacking, and can use your help! Some software there may not be the best one, or may have many software or sections missing. I am absolutely looking for help and feedback here, and would love your help!
My goal with this project is to help people find the best software from many standpoints, and to prove that there really are good open source alternatives for almost anything! I hope this helps someone, and I look forward to your feedback!
Thank you all for reading and taking the time to look through my list!
Edit: This project has moved to GitLab!
Removed by mod
Hi! I agree that it is getting cluttered with emojis. I plan to revamp this today to clear it up a bit. Thanks for your feedback!
Edit: Decluttered in version 5.2024.09.15.1
use readme badges.
I will look into that today, thank you! Stay tuned for the next release :)
Edit: Partially fixed as of Version 7.2024.09.16.0
Yeah a table with text instead of emojis would be easier to read, the problem with emojis is constantly scrolling back up to remember what they mean.
For platforms, they are clear enough that they can remain the same. As for the badges, there are very few that I tried to keep fairly intuitive. The goal is to use color and pictures to very easily recognize the value of software at a glance, rather than having to read each word (words all look the same at a glance). A better solution may be to add labels alongside the stamps to provide the best of both worlds.
Not to disparage your effort, but I looked into music and I only see:
Audio & Music
Audacity Audire Audile
Aaaand I’m out.
This is so lopsided it should be titled “A random collection of free software that has caught my eye”
I’m sorry you weren’t satisfied with some of the software on my list. Audire and Audile are not options I preferred to add, but there are simply no better music recognition apps out there that I could find. I would love to know if you have any! As for Audacity, I’m not sure what concerns you have over that. If you have any constructive feedback, I’d love to hear it!
The project is still in its early stages, so not everything is perfect :)
Tenacity is a telemetry-free fork of Audacity for a start
How about Music players, Sequencers, studio, DJ, Drum machines, Guitar software amps, software radios…
The fact that you simply ignored music players disqualifies your list. Also considering that Arch’s AUR, for example has over 90.000 packages, the idea of one person compiling a useful general “best of” list is deluded and doomed from the start.
I don’t write this acrimoniously, I simply state the fact that unless you enlist help (and a lot at that) your endeavor is useless.
The fact that you simply ignored music players disqualifies your list.
As I said, the list is still brand new. It doesn’t have everything yet. The entire list should not be discounted because of this. If you have software you would like to see added, please post an issue on the repo with links and it likely will be added.
Also considering that Arch’s AUR, for example has over 90.000 packages, the idea of one person compiling a useful general “best of” list is deluded and doomed from the start.
If you don’t like my list, I encourage you to make your own. These are simply my opinions, which won’t always be for everyone. Arch/AUR is not a be-all-end-all either.
I simply state the fact that unless you enlist help (and a lot at that) your endeavor is useless.
It is fruitful to share my own list and experiences for those looking for it. Incompleteness is not useless.
Love that you have Joplin on the list! I started using that recently to handle all of my notes and it’s been great.
I’m still on Google’s Keep. Please tell me why I should switch.
Your data has monetary value to google. Giving them access, without getting any money from them (or even knowing what ways it will be used) is not something you must do.
If the app provides enough value that is unique to it, then thats OK, but if a data-respecting alternative exists that costs nothing to download or use, and fits the same (or more) needs, then using it just makes sense.
If thats not you, then thats ok.
I also use keep, but thats because I haven’t degoogled my phone yet, so they already have most if not all of that data. Once I am in a position to be able to root and remove google without risking bricking my device (currently unhoused, and just cannot risk it rn), then I plan on never touching the damn thing.
To each their own.
Your data has monetary value to google. Giving them access, without getting any money from them (or even knowing what ways it will be used) is not something you must do.
To be fair, while you may not be getting money in its direct form (cash, bank deposit, etc) from Google, they are providing you a service which costs them money for free. So they are providing something of monetary value.
Only the individual can determine if their data is worth that free (to the individual, not free to Google) service. I’m assuming that most people in a privacy community would be against that, though.
Agreed. But as we have recently seen, its of more value to google than some of us ever thought. They are fighting long practiced User Blocking/geohoping and whatnot, and they are burning through serious cash and social credit with some of the bullshit they’ve been doing.
I know damn well my data is worth a fair amount more to the market, and that’s reason enough for me.
- Joplin has a lot of customization
- Can store your notes wherever you want (Dropbox, WebDAV, OneDrive, Nextcloud, Joplin’s own cloud service, etc)
- Backups can optionally be encrypted (you set a password used to decrypt them and store that somewhere)
- You can make multiple notebooks in the hierarchy structure you want
- Open source
- Markdown (if you’re into that)
- Plugin support
- Tags
How about not hosting this list in Microsoft’s GitHub?
Creating mirrors on other platforms such as GitLab and Codeberg is on my to-do list. Thank you!
lemmy hosts their source code on github and alot of floss sites uses github also i agree with you not to use github dont understand why people use github for markdown
A lot of others do it, that’s your argument?
no but there is better services for text not github like rentry and stuff github was meant for code hosting
For instant messengers, I would also add Wire and Matrix/Element (Matrix is the protocol, Element is the messenger that uses the protocol).
https://matrix.org/ - https://element.io/
Both good open source secure messengers. Matrix is made by a type of non-profit foundation made to guide the development of the core protocol, and Wire is a Swiss company staking their future on how secure their messenger is for Enterprise applications. They both have different philosophies on how their operations are ran, but they’re both open source and secure.
They’re not as privacy respecting as Briar or SimpleX, but they’re also more aimed at organizations and groups that plan on self-hosting and potentially not federating with the rest of the network to help silo their organizational data. Wire obviously aims towards Enterprise customers, but Matrix does as well, despite a different approach. Matrix has had growth with both German and French governments for various secure communications systems within their government bodies based on the matrix protocol. So good messengers, just aimed at a different group of people as Briar/SimpleX.
So maybe they could have their own “Enterprise Chat” section? I dunno, just my thoughts.
Hi! Thanks for the feedback!
The “Video Conferencing Tools” section is my aim at enterprise applications. My goal there was to find an app that is available for Online, Windows, macOS, Linux, ChromeOS, Android, and iOS that supports group chats, video calls, and screen sharing. I was only able to find Infomaniak kMeet, which I’m not even sure fits the bill. If you have any suggestions that meet these requirements, I would be happy to add them!
In the meantime, feel free to make an issue on the repo suggesting these services!
There is BigBlueButton. It’s more focused in educational usecases (online classes and the like) but it works just fine for everything else. You need to host it yourself, but there are hosted instances out there. I for example use senfcall.
But I think we are talking about different things here. What Chanuk was talking about (I think) is a ms-teams or slack alternative, not a zoom or oracle WebEx alternative. Basically Discord but for business. Sidenote: there is a open source Discord clone called revolt
Element meets all of that criteria
To my knowledge, Element has no way to share the desktop/screen. If I am wrong about this, please let me know!
Using element everyday,it has feature of sharing screen.
1:1 calls, sharing is available through their WebRTC implementation. Group calls if they’re still using Jitsi are done through Jitsi, which has support for them
Thank you. Was going to suggest matrix/elements. But you explained it better ;)
It has really improved the last years. Especially the e2e encryption key sharing, and verfication system vs what was before.
Thanks! I’ll give it a gander. I was off hiking today, and used some crappy app to track my progress. I know there’s an open source ware that can do it, without invading my privacy; it’s time to start using that ‘ware.
Trail Sense mentioned in my list has options for tracking hiking progress. Unfortunately, open source health apps are few and far between.
Gnome Health and my GNU Health works well. Linux only though
For health apps I like medilog: https://fdroid.gitlab.io/jekyll-fdroid/packages/com.zell_mbc.medilog/
I’ll be sure to check it out, thank you!
My latest favourite is missing: Note Taking Apps:
Joplin is good for organising text-based notes, so I’m not surprised to see that on your list. But xournal is a for mixed drawing / hand-writing / text, etc. So it’s a different use-case to Joplin. (It would be perfect if Joplin supported xournal notes; so that you could write with xournal and then organise with Joplin. … But that hasn’t yet come to pass.)
No rsync? No pass? I’d definitely have the xmpp and matrix protocols on that list with a few clients listed for desktop and mobile.
Hi! If you have any suggestions for software, please provide links to them and I will be sure to check them out! Ideally, open an issue on the repo (this is the best way for it to be added). Thanks for the suggestions!
pass - password manager https://www.passwordstore.org/
rsync - provides fast incremental file transfer https://rsync.samba.org/
xmpp - the universal messaging standard https://xmpp.org/
matrix - an open network for secure, decentralised communication https://matrix.org/
retroshare - private and secure commmunication and sharing platform. RetroShare provides filesharing, chat, messages, forums and channels. https://retroshare.cc/
Nice list. I chuckled at the fact that the bitcoin section does not recommend bitcoin :) We’re also here on lemmy, if you ever need help or just want to say hi
Hi! Thanks for taking a look. I used a template to categorize some of the software early on, and this slipped into the initial release. Thanks for noticing! I’ll rename it accordingly.
man i wish there was a more powerful alternative to gimp hope gimp 3.0 solves it and currently am using the affinity photo 6 month free trial
Now plz do hardware
There’s obviously a zillion open source games you could add, but I’m partial to pixel dungeon and its many variants
I’ll certainly add it, thanks!
Bookmarking this. How about a photo library category under photos and grafics
Thanks for bookmarking! I will absolutely be adding a photo library, it was something that slipped under my radar. Thank you!
Edit: Added in version 5.2024.09.15.1
Why KeePassXC over Bitwarden or VaultWarden?
I’m no expert, but I think KeePassXC doesn’t need to sign in to a server somewhere.
You can also self-host bitwarden.
This still requires a server setup, focused entirely on passwords. Why do that?
Why not just use KeePass or KeePassXC, and use Syncthing for this and general files, or KeePassXC’s keeshare sync to sync the files without any hosting, server, or other services.
Extremely simplified tldr: both of these are like a authenticated private bittorrent, where the “tracker” only helps you find yourself on another devices, no data is ever sent outside of your authenticaed devices, and all transmissions are encrypted as well.
Few reasons, with the most important being convenience. Syncthing is going to see just a binary blob as the password storage is encrypted. This means it is impossible for syncthing to do proper synchronization of items inside the vault. Generally this is not a problem, but it is if you happen to edit the vault on multiple devices and somehow syncthing didn’t sync yet the changes (this is quite common for me on android, where syncthing would drain the battery quite quickly if it’s always actively working). For bitwarden on the other hand the sync happens within the context of the application, so you can have easy n-way merge of changes because its change is part of a change set with time etc.
Besides that, the moment you use syncthing from a threat model point of view, you are essentially in the same situation: you have a server (in case of syncthing - servers) that sees your encrypted password data. That’s exactly what bitwarden clients do, as the server only has access to encrypted data, the clients do the heavy lifting. If the bitwarden server is too much of a risk, then you should worry also of the (random, public, owned by anybody) servers for syncthing that see your traffic.
Keeshare from my understanding does use hosting, it uses cloud storage as a cloud backend for stateful data (Gdrive, Dropbox etc.), so it’s not very different. The only difference would be if you use your private storage (say, Synology Drive), but then you could use the same device to run the bit/vaultwarden server, so that’s the same once again.
The thing is, from a higher level point of view the security model can only be one of a handful of cases:
- the password data only remains local
- the password data is sync’d with device-to-device (e.g. ssh) connections
- the password data is sync’d using an external connection that acts as a bridge or as a stateful storage, where all the clients connect to.
The more you go down in the list, the more you get convenience but you introduce a bit of risk. Tl;Dr keepass with keyshare/syncthing has the same risks (or more) than a Bitwarden setup with bitwarden server.
In addition to all the above, bitwarden UX is I would say more developed, it has a better browser plugin, nice additional tools and other convenience features that are nice bonuses. It also allows me to have all my family using a password manager (including my tech illiterate mom), without them having to figure out anything, with the ability to share items, perform emergency accesses etc.
Edit: I can’t imagine this comment to be deemed off topic, so if someone downvoted simply to express disagreement, please feel free to correct or dispute what I wrote, as it would certainly make for an interesting conversation! Cheers
There’s often the ‘security vs. convenience’ tradeoff, but for most people you have both sides with Bitwarden over KeePass.
Bitwarden is undoubtedly more convenient. If you can create an account, you can use it. I have a family account, and have both of my parents using it. The love it now, but given the friction to get them there in the first place, it would impossible to get them on KeePass. Especially because they wanted their passwords on all devices.
Regardless of using Vaultwarden or KeePass, you need to have quite a bit of expertise to self host. And you are trusting your own ability to secure your attack surface. I’m sure many if not most in this thread can, but it would take me quite a while to convince myself I have. I would much rather trust security professionals.
Somewhat, although, potentially related. Have you seen Bitwarden’s git repos? It is immaculately organized.
Consistent, clear naming convention. There is literally one called ‘self-host’. If you put that much effort into keeping your code that useable/available/auditable etc. Oh yea. I’m going to trust you to handle security for me
This is one of the rare cases where I believe security through obscurity applies.
What is the most ripe attack target: the password hosting service with millions of user credentials, or literally some random IP address using syncthing that could be sending literally anything that you don’t know is passwords or porn.
Companies like Bitwarden and 1Password and LastPass are doomed to have failures, just like any major corporation. They are too big with too much attack surface, and clearly advertise that they have stuff worth stealing.
Me? My KeePass vault is synced via Syncthing with no relay data, so it only ever exists on my phone and desktop, and is encrypted with what is today functionally unbreakable encryption. Today at least (RIP when quantum chips get good).
And my data is a blade of grass in a field. Sure there is a narrow chance someone snooping on my entire geographic area and stealing packets like the FBI could grab some packets in transmission. But they show nothing, and mean nothing. And the FBI has easier ways to get our data anyways.
Point is, I’d rather take my odds as a heavily encrypted file syncs between singular devices like a drop of water in the ocean, versus putting all my diamonds in Joe’s Diamond Emporium and just hoping no one decides to steal MY diamonds when it (inevitably) gets robbed.
In this circumstance, you can turn on simple versioning for the password vault. It will keep both vault copies and you can merge your changes together manually in the event this happens, no loss of data.
For mobile I just give syncthing full permission to run in the background and have never had issues with the syncing on the folders I designate. Not saying it doesn’t happen, but I believe this can be solved.
However KeePassXC’s sync feature does sync the vault.
Syncthing does not have a server. The relay only serves to match your current client (device A) with the IP of your other client (device B). Nothing else passes through it unless you opt into using relaying in case you have NAT issues.
If you are paranoid, the software is open source and you can host your own relays privately, but again, it is similar to a matchmaking service, not data transfer.
Syncthing is a direct device to device transfer. No server in the middle unless you want it.
Agree on the versioning issue. In fact I mentioned that the issue is convenience here. It is also data corruption, but you probably are aware of that if you setup something like this. Manually merging changes is extremely annoying and eventually you end up forgetting it to do it, and you will discover it when you need to login sometime in the future (I used keepass for years in the past, this was constantly an issue for me). With any natively sync’d application this is not a problem at all. Hence +1 for convenience to bitwarden.
However KeePassXC’s sync feature does sync the vault.
How does it work though? From this I see you need to store the database in a cloud storage basically.
For mobile I just give syncthing full permission to run in the background and have never had issues with the syncing on the folders I designate.
I use this method for my notes (logseq). Never had synchronization problem, but a lot of battery drain if I let syncthing running in the background.
Nothing else passes through it unless you opt into using relaying in case you have NAT issues.
I guess this can be very common or even always the case for people using some ISPs. In general though, you are right. There is of course still the overall risk of compromise/CVEs etc. that can lead to your (encrypted) data being sent elsewhere, but if all your devices can establish direct connections between each other, your (encrypted) data is less exposed than using a fixed server.
If you are paranoid, the software is open source and you can host your own relays privately,
This would also defeat basically all the advantages of using keepass (and family) vs bitwarden. You would still have your data in an external server, you still need to manage a service (comparable to vaultwarden), and you don’t get all the extra benefits on bitwarden (like multi-user support etc.).
To be honest I don’t personally think that the disclosure of a password manager encrypted data is a big deal. As long as a proper password is used, and modern ciphers are used, even offline decryption is not going to be feasible, especially for the kind of people going after my passwords. Besides, for most people the risk of their client device(s) being compromised and their vault being accessible (encrypted) is in my opinion way higher than -say- Bitwarden cloud being compromised (the managed one). This means that for me there are no serious reasons to use something like keepass (anymore) and lose all the convenience that bitwarden gives. However, risk perception is personal ultimately.
KeePassXC you would put the sync-file itself into syncthing or something, and then KPXC would resolve changes between the sync file back to the main vault. I don’t use this method directly so I might be incorrect on the details, but it is possible to setup in a device to device manner.
You keep saying external server for syncthing, but again: syncthing does direct data transfers, encrypted end to end, between devices. It does not use cloud hosting or servers. It has the equivalent of a 90s FPS matchmaking lobby, so you can find your own devices latest IP.
You register the devices with each other with their generated ID codes. Then you ask the matchmaking server when it last saw that alias. It gives you the last IP that checked in with that unique alias. It then contacts that OP, and performs a handshake. If it passes, your two devices can now sync directly. The matchmaking relay has 0 data of yours, and 0 ability to associate your unique ID with a name, hardware, or anything other than a last seen IP. When on the same LAN, devices don’t even query the matchmaking relay if you don’t want. It’s totally offline.
If you elect to, you can allow relays to let you tunnel of you have NAT issues, and your end to end encrypted data can be synced through a relay. In those cases then yes, you are extending a bare minimum trust, and you fully encrypted data would temporarily pass on the relay’s RAM. If this makes you paranoid, you can easily add a password to the sync folder itself, encrypting it unless another user inputs the password on the other end. Adding another layer if you wanted.
I just get nothing from Bitwarden that syncthing and KeePass don’t offer more easily. Syncthing works for tons of devices and other purposes as well, preventing to host a password sharing only tool, and just letting you use a direvy device to device sync tool. I don’t know how or why you would have vault conflicts, but it really does sound like something fixable. Running this for years and I’ve never run into it.
One of many reasons is the nonfree nature of Bitwarden. You have to pay for a premium account to use certain methods of 2FA, for example (last I checked).
Yes. That’s true. Not to be argumentative, does KeePass have the features that are paywalled by Bitwarden?
KeePassXC has support for hardware security keys as a form of 2FA, so yes :)
TIL Thank You